- Log into the UniFi controller web UI
- Go to Settings
- Select Routing & Firewall
- Select Firewall
- Select Groups
- Hit "Create new Group"
- Enter all the DNS servers you want to allow on the local LAN (e.g., mine are 10.0.1.1 - gateway, 10.0.1.14 - Pi-hole)
- Name this "Allowed DNS Servers"
- Hit OK
- SSH into the Gateway - NOT the CloudKey (username/password is whatever you set up)

Accessing a subnet that is behind a WireGuard client using a site-to-site setup
We want to access a local subnet remotely, but it is behind a NAT firewall and we can't set up port forwarding. Outgoing connections work, but all incoming connections get DROPPED by the ISP's routing policy.